[Nikto-discuss] Nikto tests

On Mon, 13 Jul 2009 22:41:30 +0100, Sammy Sossa <sammy.sossa20 at gmail.com>
wrote:
> How do I go about making Nikto run my User-defined tests only? Do I just
> delete the db files from plugin directory, and keep my udb files?
There's no current support for doing this; I could add it as a tuning
option for Nikto 2.1.0 if required (as it would be quite easy). Possibly
the easiest way would be to edit the db_ files and replace them with your
tests. Deleting them will cause nikto to bring up errors.
The plugins will always run if present; this depends on which version of
nikto you run. In nikto 2.03 you can edit nikto_plugin_order.txt and
delete those you don't want run. On nikto 2.1.0 you will need to remove
plugins you don't want to run. I do plan eventually to allow this through
the command line.
> Also, about changing nikto agent, can I put in anything I want in there?
> Like "this is a research project"?
There's no default option to change this (though one should probably be
added and would be trivial). But you can hack this by editing
plugins/nikto_core.plugin and searching for Mozilla, and you should get a
line like this:
$NIKTO{useragent}="Mozilla/4.75 ($NIKTO{name}/$NIKTO{version})";
Edit this to have whatever you want, e.g.:
$NIKTO{useragent}="Mozilla/4.75 (Research Project)";
It's advised to keep the Mozilla string in as some web servers may do
filtering on the user agent string to remove bots.
Ta
dave
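
Added example, not part of the original message or of Nikto's code: a log check from the server side, showing that a signature on the default user agent quoted above stops matching once the string is edited, so a second, behavioural test is needed. It assumes `$NIKTO{name}` expands to "Nikto"; the log lines, addresses, paths and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Default template from the message: Mozilla/4.75 (<name>/<version>).
# Assumption: $NIKTO{name} expands to "Nikto".
DEFAULT_UA_RE = re.compile(r'^Mozilla/4\.75 \(Nikto/[\d.]+\)$')

def classify_clients(lines, min_requests=5, min_404_ratio=0.8):
    """Return {ip: reason} for clients that look like a scanner.

    The thresholds are hypothetical defaults, not tuned values.
    """
    stats = defaultdict(lambda: {"total": 0, "404": 0, "default_ua": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[m["ip"]]
        s["total"] += 1
        s["404"] += m["status"] == "404"
        s["default_ua"] |= bool(DEFAULT_UA_RE.match(m["ua"]))
    flagged = {}
    for ip, s in stats.items():
        if s["default_ua"]:
            flagged[ip] = "default-user-agent"
        elif s["total"] >= min_requests and s["404"] / s["total"] >= min_404_ratio:
            flagged[ip] = "high-404-ratio"  # catches an edited user agent
    return flagged

def _sample(ip, ua, requests):
    """Build constructed combined-format lines for one client."""
    return [f'{ip} - - [13/Jul/2009:22:41:30 +0100] "GET {path} HTTP/1.0" '
            f'{status} 0 "-" "{ua}"' for path, status in requests]

# Constructed sample log: default UA, edited UA from the message, ordinary browser.
SAMPLE_LOG = (
    _sample("192.0.2.10", "Mozilla/4.75 (Nikto/2.03)", [("/", 200)])
    + _sample("192.0.2.20", "Mozilla/4.75 (Research Project)",
              [(f"/constructed-path-{i}", 404) for i in range(6)])
    + _sample("192.0.2.30", "Mozilla/5.0 (X11; Linux i686)",
              [("/", 200), ("/about.html", 200), ("/missing.png", 404)])
)

if __name__ == "__main__":
    for ip, reason in classify_clients(SAMPLE_LOG).items():
        print(ip, reason)
```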